biocrates life sciences ag
We are very delighted that you have shown interest in our enterprise.
We would like to point out that this website offer is exclusively addressed to commercial customers. If we request data in the context of forms or if you would like to contact us via the website, we would like to note that we only ask for corporate organizational information (e.g. business e-mail address, business phone number).
Data protection is of a particularly high priority for the management of biocrates life sciences ag. The use of the websites of biocrates life sciences ag is possible without any indication of personal data; however, if a data subject wants to use special enterprise services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to biocrates life sciences ag.
1. Name and Address of the controller
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:
biocrates life sciences ag
6020 Innsbruck, Austria
Phone: +43 (512) 579823
2. Data Protection Contact
3. Collection of general data and information (log-data)
The website of biocrates life sciences ag collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.
When using these general data and information, biocrates life sciences ag does not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, biocrates life sciences ag analyses anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
4. Contact possibility via the website
The website of biocrates life sciences ag contains information that enables a quick electronic contact to biocrates life sciences ag, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject according to Art. 6 (1) (b) or (f) GDPR. There is no transfer of this personal data to third parties.
You also have the opportunity to participate in (free) webinars from us. As part of the registration process, we collect personal data that is required to enable you to participate (Art. 6 (1) (b) GDPR). All mandatory data is marked with an “*”. The following data is regularly collected for registration: first name, last name, business e-mail address, country, company name.
4.1 Microsoft Teams
We use Microsoft Teams, a product from Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA for business development, professional communication and when conducting webinars. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) and the contractual obligation (Art. 6 (1) (b) GDPR). If you do not wish to communicate with us via Microsoft Teams, please let us know. The use of offers such as webinars, etc. may not be possible in this case.
We use Zoom to conduct webinars, telephone and video conferences (hereinafter: "Online Meetings"). Zoom is a service of Zoom Video Communications, Inc. which is based in the USA. The legal basis is our legitimate interest (Art. 6 (1) (f) GDPR) and the contractual obligation (Art. 6 (1) (b) GDPR). If you do not wish to communicate with us via Zoom, please let us know. The use of offers such as webinars, etc. may not be possible in this case.
4.3 Data processing during online meetings
Various types of data are processed when you use Zoom or Microsoft Teams. The scope of the data also depends on the data you provide before or during participation in an "online meeting".
User details: first name, last name, telephone business (optional), business e-mail address, password (if "single sign-on" is not used), profile picture (optional), department (optional).
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information.
For recordings (only after consent has been given): MP4 file of all video, audio and presentation recordings, file of all audio recordings, text file of the online meeting chat.
When dialing in by telephone: information on incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.
Text, audio and video data: You may have the opportunity to use the chat, question or survey functions in an "online meeting". In this respect, the text entries you make are processed in order to display them in the "online meeting" and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can switch off or mute the camera or microphone yourself at any time via the applications.
In order to participate in an "online meeting" or to enter the "meeting room", you must at least provide information about your name.
Personal data processed in connection with participation in "online meetings" will not be disclosed to third parties as a matter of principle, unless they are specifically intended for disclosure. Please note that the content of online meetings, as well as personal meetings, is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.
Other recipients: The provider necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing contract, including standard contractual clauses with Zoom and Microsoft. As a complementary safeguard, we have configured Microsoft to use only data centres in the EU and the EEA.
In our webshop you have the possibility to buy our products. This requires registration in our webshop. In the course of registration, data will be collected from you: Name and first name of a contact person in the company and business e-mail address. You also have to enter a password. After confirming the link in the confirmation e-mail, you can log in. We will process the personal data you provide (salutation, title, business contact name and surname, company, company address, business contact details, transaction data) to process orders on the basis of Art. 6 (1) (b) GDPR. We will send the necessary information to the companies commissioned to deliver or execute the order, and to banks, insurance companies and service providers commissioned to execute the transaction, adjust claims, run credit checks and check sanctions lists. This also applies to the execution of any pre-contractual measures and post-contractual services and complaints.
6. Provision of personal data as statutory or contractual requirement; Requirement necessary to enter into a contract; Obligation of the data subject to provide the personal data; possible consequences of failure to provide such data
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded. Before personal data is provided by the data subject, the data subject must contact any employee. The employee clarifies to the data subject whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-provision of the personal data.
7. Routine erasure and blocking of personal data
The data controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.
If the storage purpose is not applicable, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.
8. Subscription to our newsletters
On the website of biocrates life sciences ag, users are given the opportunity to subscribe to our enterprise’s newsletter. The input mask used for this purpose determines what personal data are transmitted, as well as when the newsletter is ordered from the controller.
biocrates life sciences ag informs its customers and business partners regularly by means of a newsletter about enterprise offers. The enterprise’s newsletter may only be received by the data subject if (1) the data subject has a valid business e-mail address and (2) the data subject registers for the newsletter shipping (Art. 6 (1) (a) GDPR). A confirmation e-mail will be sent to the business e-mail address registered by a data subject for the first time for newsletter shipping, for legal reasons, in the double opt-in procedure. This confirmation e-mail is used to prove whether the owner of the business e-mail address as the data subject is authorized to receive the newsletter.
During the registration for the newsletter, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used by the data subject at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the business e-mail address of a data subject at a later date, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. In addition, subscribers to the newsletter may be informed by e-mail, as long as this is necessary for the operation of the newsletter service or a registration in question, as this could be the case in the event of modifications to the newsletter offer, or in the event of a change in technical circumstances. The subscription to our newsletter may be terminated by the data subject at any time. The consent to the storage of personal data, which the data subject has given for shipping the newsletter, may be revoked at any time. For the purpose of revocation of consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter at any time directly on the website of the controller, or to communicate this to the controller in a different way.
8.1 Newsletter Provider
We use the provider Zoho to send our newsletter or campaigns. Zoho is an US company. Zoho Corporation B.V., Beneluxlaan 4B, 3527 HT Utrecht, The Netherlands is responsible for the European region. Zoho receives the personal data that you provide to us as part of the newsletter registration in order to send the newsletter on our behalf or to contact you as part of a campaign. In order to adequately protect your data, we have concluded a data processing agreement with Zoho, including standard contractual clauses. Zoho is a certified service provider. You can find all information about the certifications and data protection at: https://www.zoho.com/compliance.html (certifications); https://www.zoho.com/gdpr.html (Data Protection).
The newsletter of biocrates life sciences ag contains so-called tracking pixels. A tracking pixel is a miniature graphic embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, biocrates life sciences ag may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. biocrates life sciences ag automatically regards a withdrawal from the receipt of the newsletter as a revocation.
We use Matomo, a analytics software for websites. Service provider is InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. We host the software on our own servers, so there is no data transfer to Matomo or other third-parties. Matomo does not set any cookies on your device. We have activated IP anonymisation. We use Matomo on the basis of our legitimate interest (Art. 6 (1) (f) GDPR) to improve our website offering.
Further information on data protection at Matomo can be found under the following link: https://matomo.org/privacy-policy/?msclkid=cfdf41c0c84a11ecb575e3590a32ccdb.
9.2 Google Fonts
We use Google Fonts on our websites (Art. 6 (1) (f) GDPR). Google Fonts is a directory of over 800 fonts that Google Inc. makes available to its users free of charge. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services. You do not have to register to use Google fonts and no cookies are stored in your browser. The files (CSS, fonts) are requested via the Google domains fonts.googleapis.com and fonts.gstatic.com. According to Google, the requests for CSS and fonts are completely separate from all other Google services. Even if you have a Google account, your Google account information is not transmitted to Google. Google records the use of CSS (Cascading Style Sheets) and the fonts used and stores this data securely.
Google Fonts allows us to use fonts on our websites without having to upload them to our own server. Google Fonts is an important component in keeping the quality of our web pages high and speeding up the loading time. All Google Fonts are automatically optimised for the web. This saves data volume and is a great advantage especially for use with mobile devices. Thanks to the fast Content Delivery Network (CDN), there are no cross-platform problems with Google Fonts. Google Fonts supports all major browsers and works reliably on most modern mobile operating systems.
When you visit our websites, the fonts are reloaded via a Google server. This transmits data to the Google servers. In this way, Google also recognises that you or your IP address are visiting our website. The Google Fonts API ("Application Programming Interface") was developed to reduce the use, storage and collection of end user data to what is necessary for the proper provision of fonts. Each Google Font request also automatically transfers information such as language settings, IP address, browser version, browser screen resolution and browser name to the Google servers. Whether this data is also stored cannot be clearly determined or is not clearly communicated by Google. Google stores requests for CSS assets for one day on its servers, which are mainly located outside the EU. The font files are stored by Google for one year. Through the collected usage figures, Google can determine how well the individual fonts are received. Google thus pursues the goal of fundamentally improving the loading time of websites.
The data that Google stores for one day or one year cannot simply be deleted. The data is automatically transmitted to Google when the page is called up. To delete this data prematurely, you must contact Google support at https://support.google.com/?hl=de&tid;=331599984595. In this case, you can only prevent data storage if you do not visit our site.
You can find out more about Google Fonts and other questions at:
Our websites use YouTube, which belongs to Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland is responsible for data processing in Europe.
When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
We use the podcast hosting service Podigee from the provider Podigee GmbH, Schlesische Straße 20, 10997 Berlin, Germany. The podcasts are loaded by Podigee or transmitted via Podigee.
The data subject may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
Cookie Optin – Plugin
We use the plugin Borlabs Cookie of the provider Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany. Further information on data protection at the Borlabs GmbH can be found under the following link: https://borlabs.io/privacy/.
Here you can check or change your current settings and find further information about the cookies we use:
Your cookie settings
11. Data protection for applications and the application procedures
The data controller shall collect and process the personal data of applicants for the purpose of the processing of the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on the website to the controller. If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements (Art. 6 (1) (b) GDPR). If no employment contract is concluded with the applicant by the controller, the application documents shall be automatically erased six months after notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interest in this relation is, e.g. a burden of proof in a procedure under the General Equal Treatment Act (AGG). If consent has been given, longer data storage is also possible. Our website contains a link to apply for our position directly through a web form. For this purpose, we link to the SmartRecruiters platform. Please note that the data protection responsibility in this case lies with SmartRecruiters. All information on data protection at SmartRecruiters can be found at: https://www.smartrecruiters.com/legal/candidate-privacy-policy/august-13-2020/
12. Rights of the data subject
According to the GDPR, you have various rights with regard to your data:
- Access: you may request confirmation as to whether data relating to you is being processed and, if so, you may request access to that data and further information about the data processing and a copy of the data, Article 15 GDPR.
- Rectification: you have the right to request rectification of inaccurate personal data and completion of incomplete personal data without undue delay, Article 16 GDPR.
- Data erasure / restriction of processing: You may request that data concerned be erased without undue delay (Article 17 GDPR) or that processing be restricted (Article 18 GDPR).
- Data portability: You have the right, under the conditions of Article 20 of the GDPR, to receive the data you have provided and to transfer this data to another controller without hindrance from us.
- Complaint: You may file a complaint with the competent supervisory authority pursuant to Article 77 GDPR.
- Revocation and objection: You may revoke consents granted in accordance with Article 7(3) GDPR with effect for the future. In addition, you may object to future processing of data relating to you at any time in accordance with Article 21 of the GDPR.
13.1. Data processing through the social media provider
We appreciate your visit to our social media pages. The provider of the respective social media platform is responsible for the processing of personal data on the social media platform itself on which we operate our social media pages.
The social media platforms also provide us with anonymous usage statistics (so-called page insights data) of our social media pages based on the actions and interactions of our followers. We have no influence or access to the compilation and processing of these usage statistics and the underlying data, it is carried out under the sole responsibility of the operator of the respective social media platform and without us being able to view personal data of individual followers or users. It may happen that the social media platforms themselves compile personalised usage statistics, for example for their own market research, advertising, other commercial or business purposes, and also process personal data outside the European Union, which we also have no influence over or access to. For further information on the processing of your personal data by the operator of the respective social media platform in the context of the creation and processing of usage statistics, please refer to the information on usage statistics on the following websites of the respective social media platform. The contact person for the exercise of your rights is primarily the provider of the respective social media platform, who alone can provide direct access to the required information or the functionality of the respective platform and take direct action. Insofar as the support of us is possible or necessary, we will of course support you and, for example, forward your request to exercise your rights toward the provider of the respective social media platform to the provider.
Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
Usage statistics: https://business.twitter.com/de/analytics/audience-insights.html
Data privacy settings: https://help.twitter.com/de/safety-and-security/privacy-controls-for-tailored-ads
Contact for data subject requests: https://twitter.com/de/privacy
LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2 Irland
Usage statistics: https://business.linkedin.com/de-de/sales-solutions/sales-insights
Data privacy settings: https://www.linkedin.com/psettings/advertising-data
Contact for data subject requests: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
13.2 Data processing through us when visiting our social media presence
When you visit our social media site, we process your actions and interactions with our social media site (e.g. the content of your messages, enquiries, posts or comments that you send to us or leave on our social media sites or when you like or share our posts) as well as your publicly viewable profile data (e.g. your name and profile picture). Which personal data from your profile is publicly viewable depends on your profile settings, which you can adjust yourself in your settings on the social media platform in each case. Please generally take care not to transmit or share sensitive data or confidential information (e.g. application documents, bank or payment data) via social media platforms; we recommend that you use a more secure means of transmission (e.g. letter post, e-mail). We operate our social media sites and process the aforementioned data for the purpose of providing information about us and our products and communicating with our followers and interested parties. This data processing is carried out on the basis of our legitimate interests (Art. 6 (1) (f) GDPR) and, where applicable, in order to respond to your messages, enquiries, contributions or comments that you send to us (Art. 6 (1) (b) GDPR). We check whether comments or other interactions on our social media pages violate applicable law or the respective community guidelines and delete such comments if necessary. In the event that such comments occur frequently, we may process the user names involved for internal coordination purposes. We base this processing on our legitimate interest (Art. 6 (1) (f) GDPR) in providing a reputable online presence and meeting legal requirements.
The social media platforms also provide us with anonymous usage statistics (so-called analytics services or page insights data) of our social media pages based on the actions and interactions of our followers (e.g. likes, shares, comments, etc.), number of followers, views of individual page areas, reach of a post as well as statistics on followers according to age, language, origin or interests), which help us to get in touch with our followers and interested parties, to understand the use and reach of our posts, to evaluate content and to recognise usage preferences as well as to be able to design our social media pages to be as target group-oriented as possible. We have no influence or access to the compilation and processing of these usage statistics and the underlying data; it is carried out under the sole responsibility of the provider of the respective social media platform and without us being able to view personal data of individual followers or users . This data processing is based on our legitimate interests.
We also use these anonymous usage statistics to display targeted interest-based advertisements on the social media platforms we use or to highlight our posts. The display of interest-based advertisements or the highlighting of posts on the social media platforms we use is carried out on the basis of an analysis of the user's prior usage behaviour by the respective social media platform without us being able to view personal data of individual users or merge it with any personal data we may process or obtain knowledge of the identity of the users to whom interest-based advertisements are displayed. This data processing is based on our legitimate interests. Insofar as, in the context of interest-based advertising, we would exceptionally carry out a so-called extended comparison with customer lists to be uploaded by us to the respective social media platform, this would only be done on the basis of consent granted by you for this purpose (Art. 6 (1) (a) GDPR).
We will process your personal data for as long as is necessary for the aforementioned purposes. In the event of an objection to processing based on our legitimate interests, we will delete personal data unless its further processing is permitted under the relevant legal provisions. We also delete personal data if we are obliged to do so for other legal reasons. Applying these general principles, we generally delete personal data immediately after the legal basis ceases to exist, if it is no longer required for the stated purposes or if the stated purposes cease to exist and if there is no other legal basis (e.g. retention periods under commercial and tax law), otherwise after the other legal basis ceases to exist.
As part of the provision of our social media pages, we might work with service providers (e.g. IT service providers or advertising and content agencies as well as HR consultancies that support us in the creation of our posts and the provision and optimisation of our social media page and our recruiting). To the extent that these service providers process personal data on our behalf, we have concluded a data processing agreement with these service providers and have agreed on appropriate guarantees to ensure the protection of personal data. We also carefully select our service providers, they process personal data exclusively for the performance of their tasks and are contractually bound to our instructions, have appropriate technical and organisational measures in place to protect personal data and are regularly monitored by us.